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REMARKS 

The Office Action dated December 3, 2008, ("Office Action") has been received and 
carefully considered. Claims 1-4, 6, 8-20, 23 and 25-26 are pending in this application. In this 
response, claims 27-29 have been added. No new matter has been added. Entry of the addition 
of claims 27-29 are respectfully requested. Reconsideration of the outstanding rejection in the 
present application is also respectfully requested based on the following remarks. 

A. The 35 U.S.C. §103 Rejection Based on Sauier and Sampson 

Claims 9-19, and 23 are currently rejected under 35 U.S.C. 103(a) as being allegedly 
unpatentable over U.S. Patent No. 7,188,181 to Squier et al. ("Squier") in view of U.S. Patent 
No. 6,339,423 to Sampson et al. ("Sampson"). This rejection is traversed. 

Regarding claim 9, the Office Action alleges that Squier discloses that "the retrieving 
information from the session token held by the client comprises receiving a session token from 
the client corresponding to the second system ." as recited in claim 9. (emphasis added). 
Applicant respectfully disagrees. In contrast, Squier merely discloses that the session identifier 
created by the origin server is passed or handed to the destination server by the user when the 
user makes the request on the destination Web site. See, column 5, lines 65-67. Also, Squier 
discloses that an identifier contains an indicator of the original server . By examining the fields 
in the cookie the destination server is informed that the session identifier verv likely came from 
the origin server ." See, column 6, lines 10-13. (emphasis added). Therefore, Applicant 
respectfully submits that Squier, at best, discloses a session token held by the client 
corresponding to the first system and fails to disclose, or even suggest, that "the retrieving 
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information from the session token held by the client comprises receiving a session token from 
the client corresponding to the second system ." as recited in claim 9. (emphasis added). 

Also, the Office Action alleges that Squier discloses "granting a session credential to the 
client on the first system, after determining that the client has a valid session credential granted 
on the second system ," as recited in claim 9. (emphasis added). Applicant respectfully 
disagrees. In contrast, Squier discloses in Figure 2, at step 202, that a user explicitly logs onto a 
server referred to as an origin server by , at step 204, that the information input by the user is 
used to create a session between the user and the origin server, wherein a session is represented 
by a session identifier that originates and belongs to the original server, and at step 206, that the 
origin server transmits the session identifier to the user which the user (i.e., Web browser) 
stores for subsequent requests for service on the origin server. See, column 4, line 67 to column 
5, line 44. Subsequently, Squier discloses at step 212, that the destination server determines 
whether a session identifier from the user is from a valid server. See, column 6, lines 27-29. 
Thus, Applicant respectfully submits that Squier at best, discloses that a client is granted a 
session credential on the first system after the user inputs the information and fails to disclose, 
or even suggest, "granting a session credential to the client on the first system, after determining 
that the client has a valid session credential granted by the second system ," as recited in claim 
9. (emphasis added). 

Further, claim 9 is directed to a method for validating session credentials of a client. In 

particular, claim 9 recites: 

determining, at the first system that a client does not have a valid session 
credential granted by the first system; 

after the determining, retrieving, at the first system, information from a session 
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token held by the client, the information being retrieved from the client, the 
information corresponding to a session credential for the second system that 
grants session credentials based on successful authentication at the second 
system, . . . 

Applicant of course appreciates that patentability is based on the claimed invention. However, 

such claimed features are reflective of Applicant's disclosure in paragraphs [0040]-[0045] of the 

published patent application. Therein, the present application discloses: 

[0042] At step 204, system 1 (102) determines whether the client has a valid 
single sign-on (SSO) session. 

[0043] If the client has a valid SSO session, then at step 206, the client is granted 
access to the protected resource(s) of system 1 (102), and the method ends. 

[0044] If, at step 204, it is determined that the client does not have a valid SSO 
session, then at step 208, system 1 (102) retrieves an SSO session token from the 
client. The token corresponds to a possible SSO session that the client has with 
another system (104). When the method of the invention is used with a web 
based application and browser, the token is the same as or similar to a cookie. 
When the method of the invention is used with systems other than the Internet 
and web based applications, the token is a piece of data or information that 
provides authentication or credentials of the client with system 2. 

As set forth in M.P.E.P 706.02(j), 35 U.S.C. 103 authorizes a rejection where, to meet the 
claim, it is necessary to modify a single reference or to combine it with one or more other 
references. M.P.E.P 706.02(j) indicates that after indicating that the rejection is under 35 U.S.C. 
103, the Examiner should set forth in the Office Action: 

(A) the relevant teachings of the prior art relied upon, preferably with reference to the 
relevant column or page number(s) and line number(s) where appropriate, 

(B) the difference or differences in the claim over the applied reference(s), 
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(C) the proposed modification of the applied reference(s) necessary to arrive at the 
claimed subject matter, and 

(D) an explanation why one of ordinary skill in the art at the time the invention was made 
would have been motivated to make the proposed modification. 

M.P.E.P 706.02(j) references the well known requirements of Graham v. John Deere . 
Further, M.P.E.P 706.02(j) notes that it is important for an Examiner to properly communicate 
the basis for a rejection so that the issues can be identified early and the Applicant can be given 
fair opportunity to reply. 

Further, Applicant notes that in KSR, the Supreme Court did not eliminate the teaching, 

suggestion, or motivation (TSM) test from the determination of obviousness, but rather merely 

opposed "a formalistic conception of the words teaching, suggestion, and motivation, or . . . 

overemphasis on the importance of published articles and the explicit content of issued patents." 

KSR International Col. v. Teteflex Inc., 127 S. Ct. 1727, 1741 (2007). As the Federal Circuit has 

subsequently explained: 

[A] flexible TSM test remains the primary guarantor against a non- 
statutory hindsight analysis.... The TSM test, flexibly applied, merely 
assures that the obviousness test proceeds on the basis of evidence - 
teachings, suggestions (a tellingly broad term), or motivations (an equally 
broad term) - that arise before the time of invention as the statute requires. 

Ortho-McNeil Pharmaceutical v. Mylan, 2007-1223, * 1 1 (Fed. Cir. Mar. 31, 2008) (emphasis 
added). Thus, to establish a prima facie case of obviousness the Examiner must show evidence 
of teaching, suggestion, or motivation to make the proposed combination of references that arose 
before the time of invention. Such a showing is required to guard against allegations of 
obviousness that are actually derived from impermissible hindsight. 
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On pages 2-3, the Office Action asserts various alleged teachings of Squire. Thereafter, 

on page 4, the Office Action acknowledges deficiencies of Squire, and attempts to cure those 

deficiencies with Sampson. Specifically, the Office Action asserts: 

Squier et al. discloses that the request and session information are sent at the 

same time (see column 5 lines 54-63), therefore fails to disclose the session information 

is retrieved from the client after determining that the client does not have valid session 

credentials. 

However, Sampson et al. teaches sending a request to a server and the server 
determining that the client doesn't have valid session credentials and requesting a 
session token from the client (see column 3 lines 34-43 where the data transmitted to 
the browser to go to the first server is a request to get a session token, i.e. cookies). 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to request the client of Squier et al. to send a session token when it is 
determined that the client doesn't have valid session credentials. 

Motivation to do so would have been to allow a user to obtain credentials to 
access a server when the user did not originally have the credentials (see Sampson et 
al. column 3 lines 34-43). 



Thus, the Office Action sets forth that the motivation to modify Squire would have been 
to allow a user to obtain credentials to access a server when the user did not originally have the 
credentials. Applicant submits that such motivation fails to support the proposed combination 
and fails to satisfy the requirements as set forth in KSR. 

That is, the Office Action's reason to modify Squire with the teachings of Sampson is to 
provide Squire with the feature of allowing a user to obtain credentials to access a server when 
the user did not originally have the credentials. However, Squire clearly already provides such 
feature. Indeed, on page 3, lines 14-21, the Office Action clearly acknowledges that Squire 
provides such feature. In other words, the Office Action proposes to make a fundamental 
change to the operation of Squire (using teachings of Sampson) based on the asserted reason of 
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providing Squire with a feature that Squire already has. Such basis for the rejection is clearly 
not supportable, and would not reasonably have motivated the one of ordinary skill to make 
such combination. In particular, Squier discloses in Figure 1, a diagram showing multiple 
servers containing Web sites in one domain and a browser in communication with one of the 
servers. See, e.g., column 4, lines 15-18. (emphasis added). Also, Squier discloses at step 210, 
that the user branches out and requests services from another Web site on another server, 
referred to as a destination server, which can communicate with the origin server and is in the 
same domain , as defined in RFC 2109. See, e.g., column 5, lines 54-57. (emphasis added). 
Moreover, Squier defines the Web sites in the same domain are those with the same top-level 
domain name, such as sun.com or a more narrow domain of eng.sun.com. See, e.g., column 5, 
lines 58-60. Additionally, Squier discloses that as defined in RFC 2109, only servers residing in 
the domain specified in the cookie can receive the cookie. See, e.g., column 6, lines 5-7. In 
contrast, Sampson discloses that a server is associated with each domain in a set of domains. 
Access to resource in the domains is governed by an access control system. A first server for a 
first domain transmits a data token to a client seeking access to a resource in a second domain . 
Also, Sampson discloses in Figure 2 that protected server 240 and resources 248 and 249 belong 
to primary domain 241, protected server 260 and resources 268 and 269 belong to secondary 
domain agent 262. See, e.g., column 4, lines 50-53. Applicant submits that Squier discloses 
using a session identifier to access Web sites in a single domain while Sampson discloses using 
a cookie to access Web sites in multiple domains , (emphasis added) Thus, Applicant 
respectfully submits that by utilizing the cookie to access Web sites in multiple domains of 
Sampson for the single domain of Squier would make a fundamental change to the operation of 
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Squire. 

Moreover, Applicant respectfully submits that Sampson fails to disclose, or even 
suggest, "determining, at the first system that a client does not have a valid session credential 
granted by the first system ," as recited in claim 9. (emphasis added). In particular, Sampson 
merely discloses that the first server ensures that the user has been authenticated before 
transmitting the data token to the browser. See, column 3, lines 38-40. Therefore, Sampson at 
best, merely discloses ensuring that the user has been authenticated and fails to disclose, or even 
suggest, "determining, at the first system that a client does not have a valid session credential 
granted by the first system ," as recited in claim 9. (emphasis added). 

As alluded to above, Applicant submits that the proposed modification to Squire is 
indeed a fundamental change which would not have been obvious. That is, for example, Squier 
teaches (in portions of Squier referenced in the Office Action) at column 5, line 65 to column 6, 
line 15: 

the session identifier created by the origin server is passed or handed to 
the destination server by the user when the user makes the request on the 
destination Web site. By examining the session identifier the destination server 
can determine that the user got the identifier from the origin server from the 
name and value fields of the cookie handed to the destination server. Those fields 
will contain the origin Web site's identifier and the session identifier, 
respectively. As defined in RFC 2109, only servers residing in the domain the 
specified in the cookie can receive the cookie. As mentioned above, the session 
identifier uniquely identifies the user and a session. In the described embodiment 
it contains an identifier containing an indicator of the origin server. 

As asserted in Applicant's prior Response, such teachings, and the other disclosure of 
Squier, fail to teach the particulars of claim 9 reciting "determining, at the first system that a 
client does not have a valid session credential granted by the first system" and "after the 
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determining, retrieving, at the first system, information from a session token held by the client, 
the information being retrieved from the client". 

Applicant submits that to modify Squire as proposed in the Office Action (i.e., as 
proposed on page 4, lines 9-1 1 of the Action) would change the operation of Squire in a 
fundamental manner. Indeed, Applicant submits that it is fully unclear how Squire would even 
be modified in such a manner. Applicant submits that the one of ordinary skill would not have 
been motivated to make such fundamental change to Squire, and in particular would not have 
been so motivated based on the lacking reasoning as set forth in the Office Action (i.e., on page 
4, lines 12-14). 

Accordingly, Applicant submits that claim 9 is allowable for at least these reasons, and 
withdrawal of the rejection under 35 U.S.C. §102 is respectfully requested. Applicant further 
submits that independent claims 10-13, 17 and 23 are allowable for similar reasons, and the 
claims dependent on these independent claims are allowable at least for their dependence on 
allowable claims. 

B. The 35 U.S.C. §103 Rejection Based on Sauier. Sampson, and Howard 

Claims 1-4, 6, 8 and 20 are currently rejected under 35 U.S.C. 103(a) as being allegedly 
unpatentable over Squier and Sampson in view of U.S. Patent No. 6,584,505 to Howard et al. 
("Howard"). 

The Office Action alleges various teachings of Squier, as modified by Sampson, as set 
forth above. However, the Office Action acknowledges, as to the rejected claims, that Squier 
and Sampson fails to teach features relating to the directing of the client (see Office Action on 
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page 6, lines 5-8). The Office Action then proposes to modify Squier with the teachings of 
Howard so as to cure such deficiencies. 

Applicant submits that even if it were obvious to so modify Squier, which Applicant does 
not admit, such modifications would fail to cure the deficiencies as discussed above. That is, 
Applicant submits that claims 1 and 20 are allowable for reasons similar to those set forth above 
with regard to claim 9. Accordingly, Applicant submits that the combination of Squier and 
Howard, as set forth in the Office Action, fail to teach or suggest each and every feature of the 
claimed invention. 

Withdrawal of the 35 U.S.C. 103 rejection is requested. 

C. The 35 U.S.C. §103 Rejection Based on Squier. Sampson, and Marks 

Claims 25 and 26 are rejected under 35 U.S.C. 103(a) as being allegedly unpatentable 
over Squier and Sampson and further in view of U.S. Patent Application Publication No. 
2001/0054059 to Marks et al. ("Marks"). 

The Office Action alleges various teachings of Squier, as modified by Sampson. 
However, the Office Action acknowledges, as to the rejected claims, that Squier and Sampson 
fails to teach features relating to the pay-per-use and the subscription content (see Office Action 
on page 7, lines 17-18). The Office Action proposes to modify Squier and Sampson with the 
teachings of Marks so as to cure such deficiencies. 

Applicant submits that even if it were obvious to so modify Squier, which Applicant does 
not admit, such modifications would fail to cure the deficiencies as discussed above as to the 
independent claims. Accordingly, Applicant submits that the combination of Squier, Sampson, 

30 



U.S. PATENT APPLICATION 10/026,403 
Response to Final Office Action Dated December 3, 2008 
Attorney Docket: 72167.000570 



and Marks, as set forth in the Office Action, fail to teach or suggest each and every feature of the 
claimed invention. 

Withdrawal of the 35 U.S.C. 103 rejection is requested. 

D. Newly Added Claims 

Regarding newly added claims 27-29, Applicant respectfully submits that support for 
newly added claims 27-29 may be found at least in the Applicant's disclosure in paragraphs 
[0040]-[0067] and Figures 2-4 of the published patent application, for example. Applicant 
respectfully submits that the newly added claims 27-29 are allowable over cited references for at 
least the reasons as discussed above. Moreover, these claims recite additional features which are 
not disclosed, or even suggested, by the cited references taken either alone or in combination. 
Accordingly, Applicant respectfully submits that the newly added claims 27-29 are allowable 
over the cited references. 

E. CONCLUSION 

For at least the reasons outlined above, Applicant respectfully asserts that the application 
is in condition for allowance. Favorable reconsideration and allowance of the claims are 
respectfully solicited. 

For any fees due in connection with filing this Response the Commissioner is hereby 
authorized to charge the undersigned's Deposit Account No. 50-0206. 
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Should the Examiner believe anything further is desirable in order to place the 
application in even better condition for allowance, the Examiner is invited to contact Applicant's 
undersigned representative at the telephone number listed below. 



Respectfully submitted, 
N Hlj^TON ^W^LLIAMS 




Dalei Dong 

Registration No. 60,363 
For 

James R. Miner 
Registration No. 40,444 



Hunton & Williams LLP 
1900 K Street, N.W., Suite 1200 
Washington, D.C. 20006-1109 
(202) 955-1500 



Dated: March 3, 2009 
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